ISO/IEC 27001 Control 6.4: Disciplinary process
Control
A disciplinary process should be formalized and communicated to take actions against personnel and other relevant interested parties who have committed an information security policy violation.
Necessity of MidPoint
MidPoint is optional for implementation of this control.
Implementation of this control without midPoint is feasible. However, midPoint provides considerable advantages for implementation of this control, making the implementation more efficient and reliable.
Implementation Overview
MidPoint can be used as a tool to easily reduce the access rights of users who violate the policy.
Implementation Details
In midPoint, access is granted to users using assignments, usually role assignments. The assignment contains an activation part, which can be used to control the validity of the assignment. For disciplinary actions, assignment activation can be used to temporarily disable the assignment, revoking access rights from the user who violated the policies. The assignment stays in place, therefore the access can be easily restored for the user when the disciplinary action is over. Moreover, the activation mechanism allows revocation of access rights to be set up for a specific period, after which the access rights are automatically restored. In extreme cases, the identity lifecycle can be used to temporarily disable all access of a specific user, using the "suspended" lifecycle state.
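The three mechanisms above, written out as an added illustration in midPoint's XML object format (this is not a fragment from the midPoint documentation or product). User names, role OIDs and the date are constructed placeholders; the first user carries one assignment disabled by hand and one revoked only until a date, the second user shows the whole-identity "suspended" case.

```xml
<!-- Added illustration, not from the midPoint docs. Role OIDs, names and dates are
     constructed placeholders; replace them with values from your own deployment. -->
<objects xmlns="http://midpoint.evolveum.com/xml/ns/public/common/common-3">

    <!-- Case 1: targeted revocation. Both role assignments stay in place; only their
         activation changes, so access is restored without granting anything again. -->
    <user>
        <name>jsmith</name>
        <lifecycleState>active</lifecycleState>

        <!-- Disabled by hand: stays revoked until an administrator sets
             administrativeStatus back to "enabled" (or removes the element). -->
        <assignment>
            <targetRef oid="11111111-1111-1111-1111-111111111111" type="RoleType"/>
            <activation>
                <administrativeStatus>disabled</administrativeStatus>
            </activation>
        </assignment>

        <!-- Time-boxed revocation: an assignment is not valid before its validFrom,
             so midPoint computes its effective status as disabled until that date
             and enables it automatically afterwards, with no second change needed. -->
        <assignment>
            <targetRef oid="22222222-2222-2222-2222-222222222222" type="RoleType"/>
            <activation>
                <validFrom>2025-03-01T00:00:00Z</validFrom> <!-- end of the disciplinary period -->
            </activation>
        </assignment>
    </user>

    <!-- Case 2: the extreme case. The "suspended" lifecycle state deactivates the user
         as a whole, so every assignment is treated as inactive regardless of its own
         activation settings; the assignments themselves are left untouched. -->
    <user>
        <name>rjones</name>
        <lifecycleState>suspended</lifecycleState>
        <assignment>
            <targetRef oid="33333333-3333-3333-3333-333333333333" type="RoleType"/>
        </assignment>
    </user>
</objects>
```

In practice you would not import these objects; the same activation and lifecycleState fields are what an administrator changes on an existing user, and the disciplinary decision should be recorded alongside, since midPoint keeps the assignment history but not the reason for it.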
Rationale
MidPoint has supporting functionality to apply the consequences of the disciplinary process to access management.